Information Security – Data Breach

Ovidiy Stealer Malware Targets Windows Users Despite Glaring Issues

by

Ovidiy Stealer Malware Targets Windows Users Despite Glaring Issues.
A new malware, known as Ovidiy Stealer, is making the rounds on Russian websites.
Ovidiy Stealer can be an Annoyance As is the case with any type of malware designed to steal information from people’s devices, Ovidiy Stealer can prove to be a real pain in the neck.
It pops up in some fake cryptocurrency wallets, games, and hacked software versions.
So far, it does not appear any cryptocurrency users have had their wallet information stolen.
At most, people will pay just $13 for it.
Criminals purchasing this particular tool often embed it in executable files distributed through peer-to-peer protocols such as torrents.Several filenames have been identified already, which appear to relate to Litebitcoin, VK Hack Tool, World of Tanks, and a TeamSpeak update.
It also appears criminals distributing Ovidiy are trying to get more people infected through dedicated spam email campaigns.
Spreading a malware-laden executable as an email attachment to people all over the world certainly has a lot of potential to succeed.
A rather glaring list of shortcomings which make this malware more of an annoyance rather than a legitimate threat.

Local colleges educate students on cybersecurity

by

Local colleges educate students on cybersecurity.
For people such as Jake Mihevc, sometimes educating students to work in a rapidly changing global market starts with seeds planted locally.
“Students work together and they are ready for these work problems right when they develop a solution,” he said.
Mihevc said there is a constant supply of students to fill classes.
In the four years since the program’s inception, the program has educated 140 students.
Oftentimes, freshman college students come to the program as the result of exploration activities between the college and local high schools, such as an upcoming summer camp experience at MVCC where young students can learn the basics of networking.
Also, this summer, MVCC cybersecurity students are gearing up for an event called the Hackathon.
There, each team gets computers that have been compromised in one way or another and they must figure out how to secure any viruses and secure the system.
Utica College, which was one of the first educational institutions in the country to offer an economic crime investigation degree back in the mid-1990s, offers a bachelor’s degree in cybersecurity and information assurance, as well as a master’s degree in cybersecurity intelligence, forensics and cyber operations.
“From MVCC, students can transfer to four-year degree programs, but they get real-world, hands-on experience at MVCC through activities like the Hackathon,” Mihevc said.

DoT to seek detail over data breach from RJio: Telecom Secy

by

DoT to seek detail over data breach from RJio: Telecom Secy.
The Department of Telecom will soon seek details of alleged subscriber data breach of Reliance Jio, a top official said on Friday. “They (company) have not come to us but we will seek details from them,” Telecom Secretary Arun Sundararajan told reporters in response to query om DoT’s action over the alleged data breach of Reliance Jio.
There were reports on Sunday which claimed that customer data, including mobile numbers and other details of Reliance Jio users, were allegedly leaked on an independent website.
The company has filed a police complaint in this regard.
A 35-year-old computer science dropout from Rajasthan has been arrested for his alleged involvement in the case.
The accused has been identified by his nickname ‘Imran Chippa’ and was arrested from Churu district in Rajasthan.
A resident of Sujangarh town, Chhipa had made the website Magicapk.
He claimed to provide Jio user data through his website, police said.
A Maharashtra Cyber Police senior officer confirmed that some leak had occurred but declined to share details about the quantum of the breach.

Indians call for changes in law after alleged data breach

by

Indians call for changes in law after alleged data breach.
MUMBAI: Fears Indian telecom upstart Reliance Jio suffered a major data breach, compromising the personal data of over 100 million customers, have prompted calls for India to adopt more robust laws to protect consumers.
Jio has repeatedly denied any breach took place and said that names, telephone numbers and email addresses of Jio users on a website called “Magicapk” appeared to be “inauthentic.”
In contrast to companies in the European Union, which has stringent data protection standards, companies in India do not have to disclose data breaches to clients, information security professionals said. “It raises questions of security and accountability,” said Pranesh Prakash, policy director at the Centre for Internet and Society (CIS), a research organisation.
Advocates of stronger laws in India say a data breach in countries with more stringent cyber laws, such as Britain or the United States, would prompt an inquiry by regulators.
After reports of a data leak at Verizon earlier this week, for example, the U.S. telecoms firm quickly responded with an explanation of what had occurred, how it had happened and the extent of the problem.
In May alone, there were two data security incidents in India.
Separately, a CIS report said the Aadhaar numbers of as many as 135 million Indians had leaked from government databases and could be found online.
In 2010, a European Union study of data protection in India noted there were “no aspects of India’s data protection which would unequivocally be regarded as ‘adequate’ by European Union standards as yet”.

Canadian found dead in Thai cell wanted for running ‘dark web’ market

by

Canadian found dead in Thai cell wanted for running ‘dark web’ market.
A 26-year-old Canadian found dead in his Thai police cell this week was wanted in the US for allegedly running a massive “dark web” marketplace for drugs and other contraband, a police source told AFP news agency on Saturday.
Thai police arrested Alexandre Cazes in Bangkok on July 5 and had planned to extradite him to the US, where he faced drug trafficking and money laundering charges.
But the computer programmer hanged himself with a towel in his detention cell a week later on July 12, according to Thai anti-narcotics police, who have been tight-lipped on the details of his case. “It’s a huge dark web market that trafficks drugs and sells other illegal stuff,” the police officer said, requesting anonymity.
Speculation is rife that the underground marketplace was AlphaBay, considered the world’s largest and most lucrative darknet bazaar until it was taken down within hours of Cazes’ arrest.
A digital currency, used to make payments of any value without fees.
Satoshi Nakamoto, a secretive internet user, invented bitcoin in 2008 before it went online in 2009.
People see value in money free from government control and the fees banks charge; as well as the blockchain, to verify transactions. “He didn’t have any business in Thailand but he had many houses,” the officer said, adding that Cazes’ Thai wife has since been charged with money laundering.

Adultery website Ashley Madison agrees to pay $11.2 million in the data breach settlement

by

Adultery website Ashley Madison agrees to pay $11.2 million in the data breach settlement.
The owner of the Ashley Madison adultery website said on Friday it will pay $11.2 million to settle U.S. litigation brought on behalf of roughly 37 million users whose personal details were exposed in a July 2015 data breach.
Ashley Madison marketed itself as a means to help people, primarily men, cheat on their spouses, and was known for its slogan “Life is short.
Have an affair.” But the breach cost privately held Ruby more than a quarter of its revenue and prompted the Toronto-based company to spend millions of dollars to improve security and user privacy.
Last December, Ruby agreed to pay $1.66 million to settle a probe by the U.S. Federal Trade Commission and several states into lax data security and deceptive practices, also without admitting liability.
According to Friday’s settlement, users with valid claims can recoup up to $3,500 depending on how well they can document their losses attributable to the breach.
Layn Phillips, a former federal judge who mediated the settlement, said in a court filing that the accord offered “a valuable recovery for the class in the face of many obstacles,” including Ruby’s preference that victims arbitrate their claims.
Lawyers for Ashley Madison users may receive up to one-third of the $11.2 million payouts to cover legal fees, court papers show.
The case is In re: Ashley Madison Customer Data Security Breach Litigation, U.S. District Court, Eastern District of Missouri, No.
Reuters Publish date: July 15, 2017 10:05 am| Modified date: July 15, 2017 10:07 am

TN Comptroller’s web site hacked

by

TN Comptroller’s web site hacked.
The Tennessee Comptroller’s Office’s web site was hacked into on Friday morning.
The Comptroller’s office said the incident occurred about 9:30 a.m. on Friday when someone posted a message on the web site.
The web site was incorrect for about 30 minutes before the IT department noticed the issued and pulled down the web site.
Technicians are continuing to test all computers and the web site.
A spokesperson said nothing was compromised when the incident occurred.
If North Korea is bombed, Washington will be bombed too.
It is stupid for America to be ruled by an idiot like Trump and remember the North Korean It is ruled by Kim, the wise man who is not afraid of anyone.
We apologize for any inconvenience.
All rights reserved.